Also, with Reza's suggestion, you should understand that a server (unless able to be configured) will come over the native vlan. If your native is vlan 1, and you only allow vlan 8 and 15, then the server isn't going to come over vlan 8 or 15 unless you've configured the card to tag the traffic as 8 or 15.

If you're wanting to change the native for a trunk, you can do that on this port specifically with "switchport trunk native vlan 8" if that's what you want the untagged vlan on.

HTH,
John

*** Please rate all useful posts ***

Bob,

It's also going to depend on the subnet though. If you're vlan 1 runs subnet 192.168.1.0, but your vlan 8 ran 192.168.8.0 and you now add the trunk, you'll still lose traffic because the server's subnet doesn't match what vlan 1 is expecting. Make sense? You'd have to change the server's address from 192.168.8.0/24 to 192.168.1.x/24 in order for that to work.

HTH,
John

*** Please rate all useful posts ***

Well, you can have a L2 vlan and not have an address associated. So, you could have 3 switches with vlan 8 and no router. As long as all of your hosts that are in vlan 8 are in the same subnet, you'd be able to communicate fine. It's when you're trying to cross vlans that you'll run into a problem. You need a device to route between vlans in order to communicate with others outside of your vlan. So, it's not necessary to have a L3 svi on your switch (vlan interface with ip address assigned), but you'll need something to route. If you're firewall is the only other device on that subnet that has an address, that's possibly the default gateway on the servers? Does the firewall see all of the other subnets? If so, that's probably your L3 device that's doing your routing.

HTH,
John

*** Please rate all useful posts ***

Yes the firewall does see the other VLANs, each interface on the firewall is assigned an different IP from all the subnets we run and those interfaces are connected to switch ports that are assigned to a specific VLAN that we've deemed to be assoicated to that subnet.  We do not have any issues with our Web Servers talking to our App Servers which both are in a two completely different subnet/vlans.

Bob

Okay, so I don't think adding vlan 1 to the trunk port is going to resolve your issue. You should try the following:

switchport mode trunk

switchport trunk allowed vlan 8,15

switchport trunk native vlan 8

HTH,
John

*** Please rate all useful posts ***

Thanks John, I'll give that a try.  My maintenance window opens in about 15 minutes so I'll keep you posted shortly.

Bob

Are you trying to make the port trunk, because you are using VMs with multiple vlans?

If yes, than the vlan IDs need to be added on the VM side.

HTH

Reza..Yes that's excatly what I'm trying to do.. I have added the new vlan IDs to the VM side, however my vm server is not able to get out to the network, but I can see in the switch that the MAC address is in it's table so I was thinking this may be the problem, because I'm using 1 Interface on my firewall to "host" two subnets/vlans but the switchports they are connected to only allow one VLAN. So I thought maybe the problem was that because the switchport was only set to allow VLan 8 traffic to and from that firewall interface that was my issue.  When we attempted this the first time the servers connected to the switch that were using that VLAN 8 would stop communicating when we attempted to lock the trunk down to only new vlan and the orginial..  At the moment I still can't get my VM server to see the outside world..

Bob,

Ok, lets take step back

When you say:

because I'm using 1 Interface on my firewall to "host" two subnets/vlans

Are you using Sub-interfaces on the firewall to host multiple subnets?

You know, you need a sub-interface with IPs for vlan 8 and also 15.

HTH

Reza